From patchwork Tue Nov  2 04:23:14 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [Openvpn-devel] Fix tls-version-min default once again
X-Patchwork-Submitter: Selva Nair <selva.nair@gmail.com>
X-Patchwork-Id: 2053
Message-Id: <20211102042314.19113-1-selva.nair@gmail.com>
To: openvpn-devel@lists.sourceforge.net
Date: Tue,  2 Nov 2021 00:23:14 -0400
From: selva.nair@gmail.com
List-Id: <openvpn-devel.lists.sourceforge.net>

From: Selva Nair <selva.nair@gmail.com>

commit 51be733ba236610dff6a1c361cf59172db97473a
claimed to correct this but did not do it properly.
(my fault). The check whether tls-version-min is set
by the user or not was still wrong.

Hope this fixes it for good.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
---
 src/openvpn/options.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 4a5db8a6..6b15d898 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -3165,7 +3165,9 @@ static void
 options_set_backwards_compatible_options(struct options *o)
 {
     /* TLS min version is not set */
-    if ((o->ssl_flags & SSLF_TLS_VERSION_MIN_MASK) == 0)
+    int tls_ver_min = (o->ssl_flags >> SSLF_TLS_VERSION_MIN_SHIFT)
+                          & SSLF_TLS_VERSION_MIN_MASK;
+    if (tls_ver_min == 0)
     {
         int tls_ver_max = (o->ssl_flags >> SSLF_TLS_VERSION_MAX_SHIFT)
                           & SSLF_TLS_VERSION_MAX_MASK;